Industry 4.0 = Security 4.0?


Competence Series: Industry 4.0 = Security 4.0?
IT Security made in Europe

Industry 4.0 = Security 4.0?

Industry 4.0 is the term used to describe the fourth industrial revolution, the future of industrial production based on the Internet of Things. Its characteristics include a high level of product individualisation and an ability to simultaneously take account of the requirements of dynamic (high-volume) production. Factories are turning into smart factories. Processes are being controlled and coordinated in real time across national and corporate boundaries. To succeed, it will require the standardisation and modularisation of the individual process steps and the programming of virtually editable models of these modules.

Product individualisation enables companies in many industries to produce a large number of product variants at low cost, and in doing so, to satisfy individual customer needs. Companies can react flexibly to market developments, to rapid changes in product requirements or to fluctuating commodity prices. This high level of adaptability is accompanied by an improved utilisation of production capacities, whilst the flexible management of resources serves to improve overall operating efficiency. More accurate calculations mean that less material is needed, which reduces inventory and manufacturing costs.

Industry 4.0 means opportunities and challenges. Integrating the concept within an organisation means opening up the company's IT infrastructure, making it more susceptible to errors and more vulnerable to attack. Unfortunately, intruders will not stop trying to find new ways of breaking into business networks. Attacks specifically designed to penetrate industrial control systems present a threat to production facilities. Infected computers can be controlled remotely and their data stolen. Other linked or built-in devices such as microphones, keyboards and monitors can also be spied on. Because such malware exploits as yet unknown security holes, firewalls and network monitoring software are unable to detect it.
Risk scenarios

Scenario 1: Attackers install malicious programs and block all production and logistics operations. Production and capacity utilisation data are inspected, and application and system data manipulated. In a worst-case scenario, a misdirected machine could cause physical damage in its vicinity.

Scenario 2: Commands to industrial robots are sent via embedded systems, which are usually connected to a programmable logic controller. The control components are linked to the Internet. An attacker can therefore read application and system data and install data packets designed to sabotage the production lines, related systems or even the entire corporate IT infrastructure.

Scenario 3: Social engineering. Attackers exploit human characteristics, such as helpfulness, trust, curiosity or fear, to manipulate employees and gain access to data, to circumvent security precautions or to install malicious code on their computers. Their objective is to spend time undisturbed inside the company's network.

Cases in Germany

APT attack on a steel works
Using a combination of social engineering (Scenario 3) and email data theft (spear phishing attack), intruders gained access to the office network of a steel works. From there, they worked their way into the production networks. They disabled control systems and parts of the plant. A blast furnace could not be shut down as normal and remained in an undefined state. The furnace suffered massive damage.

Attack on production networks by Dragonfly
Dragonfly is a group that has already attacked several dozen companies in Germany. One of their attack campaigns targeted manufacturers of industrial control system software. They inserted the malware program Havex into the installation files on the download servers. This allowed them to gather specific information about the industrial control systems sector, including details of the devices and systems used in production networks. The Federal Office for Information Security (BSI) expects the perpetrators to make use of this information in further attacks and is following the attack campaign together with Germany's Federal Criminal Police Office (BKA).

The concept for IT Security 4.0

In order to gain long-term benefits from the huge opportunities offered by Industry 4.0, manufacturing companies must establish an effective and efficient security management system for their smart factories.
Traditional protection strategies such as firewalls, antivirus software and network monitoring software only ever protect specific, small parts of the IT infrastructure from potential attacks. Attackers, on the other hand, focus on detecting new and unknown security holes. A broad-based protection strategy counteracts this. A wide array of risk identification modules correlates millions of security events and remains constantly on the lookout for new threat scenarios. The results of the correlations are then analysed by a team of experts with constantly updated specialist knowledge and skills. The analyses must be able to provide a readily available overview of the critical information that would quickly reveal the presence of a real attack.

Component 1: excellent detection tools

To protect every level of the IT infrastructure, automated risk identification modules need to be employed:

»» Security Information & Event Management (SIEM): creating an alert in the event of security issues or potential risks through the collection, analysis and correlation of logs from various sources.
»» Advanced Cyber Intrusion Detection (ACID): the detection of dangerous malware, anomalies and other risks in the network traffic using signature- and behaviour-based detection engines.
»» Host-based Intrusion Detection System (HIDS): the collection, analysis and correlation of server and client logs as well as rapid alerting when attacks, misuse or errors are detected. The data integrity of the local system is checked, and rootkits, concealed attacks, trojans and viruses are identified from changes to the system.
»» Vulnerability Management and Assessment (VAS): a 360-degree overview of potential security flaws in operating systems and application software, and the monitoring for anomalies of all data flows on the network.
»» Advanced Email Threat Detection (AETD): the deployment of next-generation sandbox technologies to detect advanced malware in emails.
»» Software Compliance (SOCO): automated monitoring of adherence to compliance regulations and the immediate reporting of breaches to minimise compliance risks.

Component 2: state-of-the-art correlation engine

Signature-based intrusion detection is often ineffective against the types of attack being carried out today. Traffic is therefore not tested based on patterns but on behaviour within the IT system. Unusual behaviour becomes visible when all security events are correlated with each other on two levels: at the level of a single risk identification module and at the level of cross-correlation of the information from different modules. Advanced correlation is also a necessary requirement for recognising the suspicious behaviours of concealed or as yet unknown forms of attack. To ensure the success of the Advanced Correlation Engine in detecting risks and warning of critical situations, rules, policies, self-taught algorithms and statistical models must be applied and updated regularly.

Component 3: expert analysis and evaluation

Automatically collected security information must be assessed by highly specialised experts. They analyse, evaluate and prioritise the results and, using the very latest information and knowledge, are responsible for the ongoing development of the automated mechanisms. All the results should be seen as part of a big picture, and the analysis should take into account events in the particular IT infrastructure as well as the latest developments inside and outside the industry. Teams of experts must also act quickly to provide precise instructions on troubleshooting, and they must constantly adapt all the policies and rules used by the risk identification modules and advanced correlation engines to identify and eliminate vulnerabilities and new types of attack without delay.

The benefits of Managed Security Services

The automated collection and analysis of security data, the correlation of all the information, the continuous tailoring of rules and models and the interpretation of the information collected require time as well as personnel and financial resources. Many companies are not in a position to make such efforts over the long term in addition to their normal business operations. This is where the expertise and tools of an external specialist are worth looking at.

RadarServices is the European market leader for proactive IT security monitoring and IT risk detection as a managed service. We offer businesses a complete package for implementing continuous security monitoring across their IT infrastructure. Companies who outsource their IT security services do not have to transfer security-related and therefore highly sensitive information to the outside. RadarServices provides a hardware appliance, including all modules and the Advanced Correlation Engine. This collects and analyses all automatically obtained information. The hardware appliance operates within the corporate network, making sure that no security-sensitive data ever physically leaves the company. RadarServices continuously configures and maintains all the modules. The rules governing risk detection and correlation are constantly updated. All important information, free from false positives and false negatives, is ultimately sent to the Risk & Security Cockpit. Reports and statistics are made available in the desired depth of detail. In urgent cases, alerts are sent via the Cockpit, via email and even as a push message to mobile phones. The internal IT security teams can contact the experts at any time via a messaging and feedback system. A built-in Business Process Risk View highlights those business processes that are most vulnerable to IT security threats, adding the finishing touch to this fully-featured and resource-saving solution.

Component 4: information processing

Intelligence on the latest IT security situation within the company should be presented centrally and in the form of detailed, easy-to-understand reports and statistics for both the internal IT security teams and senior management. Information should focus on the most critical events to ensure that remedial work is targeted specifically at what matters. In urgent scenarios, an alert must be sent to defined recipients.
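The two-level correlation described under Components 1 and 2 (rules applied inside a single risk identification module, then cross-correlation of findings from different modules about the same host) can be made concrete with a small engine. The following Python is an added example written for this page, not RadarServices' own engine or any of its rules; the module names SIEM, HIDS and ACID are taken from the text, while the event format, the three module-level rules, the thresholds, the time windows and every event in the sample feed are constructed assumptions.

```python
"""Two-level correlation over a constructed feed of security events.

Level 1 (module level): each module applies a rule to its own events.
Level 2 (cross-module): findings from distinct modules about the same host
within one time window escalate that host's severity.
All events, hosts and addresses below are constructed for this example.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Finding = namedtuple("Finding", "module host ts name")

# Constructed events: (module, timestamp, host, event_type, detail)
EVENTS = [
    ("SIEM", "2015-06-01T08:00:05", "plc-gw-01", "auth_failure", "user=admin"),
    ("SIEM", "2015-06-01T08:00:09", "plc-gw-01", "auth_failure", "user=admin"),
    ("SIEM", "2015-06-01T08:00:14", "plc-gw-01", "auth_failure", "user=admin"),
    ("SIEM", "2015-06-01T08:00:21", "plc-gw-01", "auth_failure", "user=admin"),
    ("SIEM", "2015-06-01T08:00:27", "plc-gw-01", "auth_failure", "user=admin"),
    ("SIEM", "2015-06-01T08:00:33", "plc-gw-01", "auth_success", "user=admin"),
    ("HIDS", "2015-06-01T08:03:10", "plc-gw-01", "file_changed", "/usr/bin/sshd"),
    ("ACID", "2015-06-01T08:05:40", "plc-gw-01", "outbound_connection", "203.0.113.7:443"),
    ("ACID", "2015-06-01T08:10:40", "plc-gw-01", "outbound_connection", "203.0.113.7:443"),
    ("ACID", "2015-06-01T08:15:40", "plc-gw-01", "outbound_connection", "203.0.113.7:443"),
    ("HIDS", "2015-06-01T09:12:00", "hmi-07", "file_changed", "/var/log/syslog"),
    ("SIEM", "2015-06-01T09:30:00", "eng-ws-02", "auth_failure", "user=bob"),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def siem_rule(events, failures=5, window=timedelta(minutes=5)):
    """Module-level rule (assumed): burst of failed logins followed by a success on one host."""
    per_host = defaultdict(list)
    for ev in events:
        if ev[0] == "SIEM":
            per_host[ev[2]].append(ev)
    findings = []
    for host, evs in per_host.items():
        recent = []  # timestamps of failures still inside the sliding window
        for ev in sorted(evs, key=lambda e: e[1]):
            ts = parse_ts(ev[1])
            recent = [t for t in recent if ts - t <= window]
            if ev[3] == "auth_failure":
                recent.append(ts)
            elif ev[3] == "auth_success" and len(recent) >= failures:
                findings.append(Finding("SIEM", host, ts, "brute_force_success"))
                recent = []
    return findings


SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def hids_rule(events):
    """Module-level rule (assumed): integrity change of a system binary; log rotation is ignored."""
    return [Finding("HIDS", ev[2], parse_ts(ev[1]), "system_binary_modified")
            for ev in events
            if ev[0] == "HIDS" and ev[3] == "file_changed" and ev[4].startswith(SYSTEM_DIRS)]


def acid_rule(events, min_count=3, jitter=timedelta(seconds=30)):
    """Module-level rule (assumed): evenly spaced connections to one destination (beaconing)."""
    groups = defaultdict(list)
    for ev in events:
        if ev[0] == "ACID" and ev[3] == "outbound_connection":
            groups[(ev[2], ev[4])].append(parse_ts(ev[1]))
    findings = []
    for (host, _dest), times in groups.items():
        times.sort()
        if len(times) < min_count:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:
            findings.append(Finding("ACID", host, times[-1], "periodic_beacon"))
    return findings


def level1(events):
    """Level 1: run every module's own rule over the feed."""
    return siem_rule(events) + hids_rule(events) + acid_rule(events)


def level2(findings, window=timedelta(minutes=30)):
    """Level 2: a host flagged by two or more independent modules in one window is critical."""
    per_host = defaultdict(list)
    for f in findings:
        per_host[f.host].append(f)
    report = {}
    for host, fs in per_host.items():
        fs.sort(key=lambda f: f.ts)
        best = set()
        for start in fs:  # slide the window over each finding as a candidate start
            modules = {f.module for f in fs if start.ts <= f.ts <= start.ts + window}
            if len(modules) > len(best):
                best = modules
        report[host] = {"severity": "critical" if len(best) >= 2 else "medium",
                        "modules": sorted(best),
                        "findings": sorted(f.name for f in fs)}
    return report


if __name__ == "__main__":
    for host, entry in level2(level1(EVENTS)).items():
        print(host, entry)
```

On the constructed feed, each module alone only yields a medium-severity finding for plc-gw-01; the cross-module step is what raises the host to critical, while the benign log rotation on hmi-07 and the single failed login on eng-ws-02 produce nothing. This is the property the text attributes to two-level correlation: behaviour that looks unremarkable inside one module becomes visible when the modules' findings are combined.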

RadarServices is the European market leader for managed security services. In focus: the early detection of IT security risks. Data never leaves a client's company. The services combine (1) cutting-edge technology developed in Europe, (2) the work of security intelligence teams in Security Operations Centers (SOCs) globally and (3) documented processes and best practices. The result: highly effective and efficient improvement of IT security and risk management, continuous IT security monitoring and an overview of security-related information throughout the entire corporation.

RadarServices
Zieglergasse 6, 1070 Vienna, Austria
Phone: +43 (1) 929 12 71-0
Fax: +43 (1) 929 12 71-710
Email: sales@radarservices.com
Web: www.radarservices.com

RadarServices Germany
Taunustor 1, 60310 Frankfurt a. M.
Phone: +49 (69) 2443424 655
Email: sales_germany@radarservices.com

RadarServices Middle East
A110-1, DSO HQ Building, Dubai, UAE
Phone: +971 (4) 501 5447
Email: sales_me@radarservices.com

2015 RadarServices Smart IT-Security GmbH. FN371019s, Commercial Court Vienna, Austria. All rights and changes reserved. RadarServices is a registered trademark of RadarServices Smart IT-Security GmbH. All other product or company names are trademarks or registered trademarks of the respective owners.

Detecting Risk, Protecting Value